Re: [TLS] Working Group Last Call for SSLKEYLOG File

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 12 March 2024 22:45 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Ggf-cr9VLSWuchVeUVrnHMaMVy8>


On 12/03/2024 22:06, Eric Rescorla wrote:
> I don't think we should make statements about regulatory requirements
> in this kind of specification. That's not our lane.

I'd weakly disagree about making statements such as suggested,
while agreeing with "not our lane." I don't think the text I
suggested crosses that line, but it's fine if others disagree
of course.

I'd also be ok if we only stated that emitting these logs in
production systems means not deploying state of the art security
and letting the rest of the world connect the dots.

Cheers,
S.

PS: to be clear, I'm not objecting to progression if my
suggestion isn't adopted.